Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/dextractor-1.0/DB.c Examining data/dextractor-1.0/DB.h Examining data/dextractor-1.0/QV.c Examining data/dextractor-1.0/QV.h Examining data/dextractor-1.0/dexqv.c Examining data/dextractor-1.0/dexta.c Examining data/dextractor-1.0/dextract.c Examining data/dextractor-1.0/undexqv.c Examining data/dextractor-1.0/undexta.c FINAL RESULTS: data/dextractor-1.0/DB.c:194:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(cat,"%s%s%s%s",path,sep,root,suffix); data/dextractor-1.0/DB.c:214:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(suffix,"%s%d%s",left,num,right); data/dextractor-1.0/DB.c:453:9: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable. if (fscanf(dbvis,DB_NFILE,&nfiles) != 1) data/dextractor-1.0/DB.c:458:11: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable. if (fscanf(dbvis,DB_FDATA,&tlast,fname,prolog) != 3) data/dextractor-1.0/DB.c:462:9: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable. if (fscanf(dbvis,DB_NBLOCK,&nblocks) != 1) data/dextractor-1.0/DB.c:473:13: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable. { if (fscanf(dbvis,DB_PARAMS,&size,&cutoff,&all) != 3) data/dextractor-1.0/DB.c:485:15: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable. if (fscanf(dbvis,DB_BDATA,&ufirst,&tfirst) != 2) data/dextractor-1.0/DB.c:489:13: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable. if (fscanf(dbvis,DB_BDATA,&ulast,&tlast) != 2) data/dextractor-1.0/DB.c:758:9: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable. if (fscanf(istub,DB_NFILE,&nfiles) != 1) data/dextractor-1.0/DB.c:776:17: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable. { if (fscanf(istub,DB_FDATA,&last,fname,prolog) != 3) data/dextractor-1.0/DB.c:787:17: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable. if (fscanf(istub,DB_FDATA,&last,fname,prolog) != 3) data/dextractor-1.0/DB.c:808:9: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable. fscanf(istub,DB_NFILE,&nfiles); data/dextractor-1.0/DB.c:812:13: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable. { fscanf(istub,DB_FDATA,&last,fname,prolog); data/dextractor-1.0/DB.c:817:13: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable. { fscanf(istub,DB_FDATA,&last,fname,prolog); data/dextractor-1.0/DB.c:876:17: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable. { if (fscanf(istub,DB_FDATA,&last,fname,prolog) != 3) data/dextractor-1.0/DB.h:78:17: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. #define EPRINTF sprintf data/dextractor-1.0/DB.h:84:17: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #define EPRINTF fprintf data/dextractor-1.0/dexqv.c:132:11: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(coding->prefix,read); data/dextractor-1.0/dextract.c:357:19: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(output,header,b->shortName,h,ibeg,iend,qv); data/dextractor-1.0/DB.c:78:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char Ebuffer[1000]; data/dextractor-1.0/DB.c:123:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((f = fopen(name,mode)) == NULL) data/dextractor-1.0/DB.c:304:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. *s++ = (char ) ((s0[i] << 6) | (s1[i] << 4) | (s2[i] << 2) | s3[i]); data/dextractor-1.0/DB.c:338:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. { static char letter[4] = { 'a', 'c', 'g', 't' }; data/dextractor-1.0/DB.c:346:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. { static char letter[4] = { 'A', 'C', 'G', 'T' }; data/dextractor-1.0/DB.c:356:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. { static char number[128] = data/dextractor-1.0/DB.c:430:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((dbvis = fopen(cat,"r")) == NULL) data/dextractor-1.0/DB.c:434:20: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((dbvis = fopen(cat,"r")) == NULL) data/dextractor-1.0/DB.c:450:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fname[MAX_NAME], prolog[MAX_NAME]; data/dextractor-1.0/DB.c:755:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char prolog[MAX_NAME], fname[MAX_NAME]; data/dextractor-1.0/DB.c:979:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). { afile = fopen(Catenate(db->path,Numbered_Suffix(".",db->part,"."),track,".anno"),"r"); data/dextractor-1.0/DB.c:983:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). { afile = fopen(Catenate(db->path,".",track,".anno"),"r"); data/dextractor-1.0/DB.c:1037:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). { afile = fopen(Catenate(db->path,Numbered_Suffix(".",db->part,"."),track,".anno"),"r"); data/dextractor-1.0/DB.c:1041:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). { afile = fopen(Catenate(db->path,".",track,".anno"),"r"); data/dextractor-1.0/DB.c:1060:11: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). dfile = fopen(name,"r"); data/dextractor-1.0/dextract.c:584:21: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((in = fopen(full,"r")) == NULL) data/dextractor-1.0/undexqv.c:95:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *entry[5] = { NULL, NULL, NULL, NULL, NULL }; data/dextractor-1.0/undexqv.c:177:31: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. entry[0] = (char *) Realloc(entry[0],5*emax,"Reallocating QV entry buffer"); data/dextractor-1.0/DB.c:163:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). { epos = strlen(find); data/dextractor-1.0/DB.c:164:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). epos -= strlen(suffix); data/dextractor-1.0/DB.c:183:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(path); data/dextractor-1.0/DB.c:184:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += strlen(sep); data/dextractor-1.0/DB.c:185:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += strlen(root); data/dextractor-1.0/DB.c:186:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += strlen(suffix); data/dextractor-1.0/DB.c:205:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(left); data/dextractor-1.0/DB.c:206:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += strlen(right) + 40; data/dextractor-1.0/DB.c:408:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). plen = strlen(path); data/dextractor-1.0/DB.c:821:27: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). { HITS_READ read; data/dextractor-1.0/DB.c:824:28: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (fread(&read,sizeof(HITS_READ),1,indx) != 1) data/dextractor-1.0/DB.c:829:30: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). fseeko(quiva,read.coff,SEEK_SET); data/dextractor-1.0/DB.c:1225:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). { char *read; data/dextractor-1.0/DB.c:1239:41: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). int Load_Read(HITS_DB *db, int i, char *read, int ascii) data/dextractor-1.0/DB.c:1263:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). { if (fread(read,clen,1,bases) != 1) data/dextractor-1.0/DB.c:1268:23: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). Uncompress_Read(len,read); data/dextractor-1.0/DB.c:1270:18: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). { Lower_Read(read); data/dextractor-1.0/DB.c:1271:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read[-1] = '\0'; data/dextractor-1.0/DB.c:1274:18: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). { Upper_Read(read); data/dextractor-1.0/DB.c:1275:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read[-1] = '\0'; data/dextractor-1.0/DB.c:1278:5: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read[-1] = 4; data/dextractor-1.0/DB.c:1282:64: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). char *Load_Subread(HITS_DB *db, int i, int beg, int end, char *read, int ascii) data/dextractor-1.0/DB.c:1310:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). { if (fread(read,clen,1,bases) != 1) data/dextractor-1.0/DB.c:1315:26: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). Uncompress_Read(4*clen,read); data/dextractor-1.0/DB.c:1317:3: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read[len] = 4; data/dextractor-1.0/DB.c:1319:18: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). { Lower_Read(read); data/dextractor-1.0/DB.c:1320:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read[-1] = '\0'; data/dextractor-1.0/DB.c:1323:18: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). { Upper_Read(read); data/dextractor-1.0/DB.c:1324:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read[-1] = '\0'; data/dextractor-1.0/DB.c:1327:5: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read[-1] = 4; data/dextractor-1.0/DB.c:1329:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). return (read); data/dextractor-1.0/DB.c:1485:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). plen = strlen(path); data/dextractor-1.0/DB.c:1490:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). rlen = strlen(root); data/dextractor-1.0/DB.c:1514:11: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). { strncpy(root,name,rlen); data/dextractor-1.0/DB.c:1518:11: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). { strncpy(root,name,rlen); data/dextractor-1.0/DB.c:1538:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). dlen = strlen(name); data/dextractor-1.0/DB.h:391:42: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). int Load_Read(HITS_DB *db, int i, char *read, int ascii); data/dextractor-1.0/DB.h:400:64: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). char *Load_Subread(HITS_DB *db, int i, int beg, int end, char *read, int ascii); data/dextractor-1.0/QV.c:423:55: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). static void Encode(HScheme *scheme, FILE *out, uint8 *read, int rlen) data/dextractor-1.0/QV.c:465:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). { x = read[k]; data/dextractor-1.0/QV.c:485:72: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). static void Encode_Run(HScheme *neme, HScheme *reme, FILE *out, uint8 *read, int rlen, int rchar) data/dextractor-1.0/QV.c:514:26: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while (k < rlen && read[k] == rchar) data/dextractor-1.0/QV.c:526:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). { x = read[k]; data/dextractor-1.0/QV.c:547:52: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). static int Decode(HScheme *scheme, FILE *in, char *read, int rlen) data/dextractor-1.0/QV.c:620:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read[j] = (char) c; data/dextractor-1.0/QV.c:632:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read[j] = (char) c; data/dextractor-1.0/QV.c:641:69: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). static int Decode_Run(HScheme *neme, HScheme *reme, FILE *in, char *read, data/dextractor-1.0/QV.c:687:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read[j++] = (char) rchar; data/dextractor-1.0/QV.c:698:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read[j] = (char) c; data/dextractor-1.0/QV.c:712:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read[j++] = (char) rchar; data/dextractor-1.0/QV.c:723:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read[j] = (char) c; data/dextractor-1.0/QV.c:801:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). rlen = strlen(Read); data/dextractor-1.0/QV.c:813:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). rlen += strlen(Read+rlen); data/dextractor-1.0/QV.c:823:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (rlen != (int) strlen(other)) data/dextractor-1.0/QV.c:1158:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(coding->prefix); data/dextractor-1.0/dexqv.c:119:25: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). { char *slash, *read; // Get header line prefix from first line data/dextractor-1.0/dexqv.c:126:51: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). coding->prefix = (char *) malloc((slash-read)+1); data/dextractor-1.0/dexqv.c:132:33: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). strcpy(coding->prefix,read); data/dextractor-1.0/dexta.c:90:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). { char *read; data/dextractor-1.0/dexta.c:127:24: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). eof = (fgets(read,MAX_BUFFER,input) == NULL); data/dextractor-1.0/dexta.c:128:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read[strlen(read)-1] != '\n') data/dextractor-1.0/dexta.c:128:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (read[strlen(read)-1] != '\n') data/dextractor-1.0/dexta.c:128:27: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read[strlen(read)-1] != '\n') data/dextractor-1.0/dexta.c:132:23: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (!eof && read[0] != '>') data/dextractor-1.0/dexta.c:137:25: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). slash = index(read,'/'); data/dextractor-1.0/dexta.c:146:21: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). x = slash-read; data/dextractor-1.0/dexta.c:148:18: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). fwrite(read,1,slash-read,output); data/dextractor-1.0/dexta.c:148:31: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). fwrite(read,1,slash-read,output); data/dextractor-1.0/dexta.c:184:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). x = strlen(read+rlen)-1; data/dextractor-1.0/dexta.c:185:23: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read[rlen+x] != '\n') data/dextractor-1.0/dexta.c:190:30: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (eof || read[rlen] == '>') data/dextractor-1.0/dexta.c:195:47: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read = (char *) Realloc(read,rmax+1,"Reallocaing read buffer"); data/dextractor-1.0/dexta.c:200:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read[rlen] = '\0'; data/dextractor-1.0/dexta.c:222:27: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). Number_Read(read); data/dextractor-1.0/dexta.c:223:34: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). Compress_Read(rlen,read); data/dextractor-1.0/dexta.c:224:22: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). fwrite(read,1,COMPRESSED_LEN(rlen),output); data/dextractor-1.0/dexta.c:239:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). free(read); data/dextractor-1.0/undexta.c:113:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). { char *read; data/dextractor-1.0/undexta.c:214:43: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read = (char *) Realloc(read,rmax+1,"Allocating read buffer"); data/dextractor-1.0/undexta.c:218:29: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). { if (fread(read,clen,1,input) != 1) data/dextractor-1.0/undexta.c:221:36: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). Uncompress_Read(rlen,read); data/dextractor-1.0/undexta.c:222:26: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). Lower_Read(read); data/dextractor-1.0/undexta.c:248:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). free(read); ANALYSIS SUMMARY: Hits = 120 Lines analyzed = 5089 in approximately 0.17 seconds (29307 lines/second) Physical Source Lines of Code (SLOC) = 3446 Hits@level = [0] 142 [1] 83 [2] 18 [3] 0 [4] 19 [5] 0 Hits@level+ = [0+] 262 [1+] 120 [2+] 37 [3+] 19 [4+] 19 [5+] 0 Hits/KSLOC@level+ = [0+] 76.0302 [1+] 34.823 [2+] 10.7371 [3+] 5.51364 [4+] 5.51364 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.